nexB / dejacode

Automate open source license compliance and ensure software supply chain integrity
https://dejacode.readthedocs.io
GNU Affero General Public License v3.0

CRAVEX: Vulnerability exploitability: Reachability integration #103

Open pombredanne opened 2 months ago

pombredanne commented 2 months ago

Create models and design an API to integrate external tools' reachability analysis results to inform vulnerability ranking.

DennisClark commented 2 months ago

A reachable vulnerability has a path from your code to the root cause of a vulnerability.

Gauge risk by identifying whether a function related to the vulnerability is being called by your application, raising the chances of that vulnerability being exploitable in the context of your application.

DennisClark commented 1 month ago

A "reachability ranking" appears to be relevant to product or other first-party code ("your code") and applies to that usage context.
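As an added illustration of the reachability idea in these comments (example code written here, not DejaCode's own; the call graph, entry point and vulnerability identifiers are constructed): a vulnerability counts as reachable when a call path exists from first-party code to the root-cause function, and reachable vulnerabilities rank ahead of unreachable ones, shortest path first.

```python
from collections import deque

# Constructed sample call graph: caller -> callees. "app.*" is first-party
# code ("your code"); everything else is a third-party dependency.
CALL_GRAPH = {
    "app.main": ["app.handle_upload", "lib_a.parse_header"],
    "app.handle_upload": ["lib_b.decompress"],
    "lib_a.parse_header": ["lib_a.read_field"],
    "lib_b.decompress": ["lib_b.inflate_block"],
    "lib_c.render_template": ["lib_c.eval_expr"],  # never called by app code
}

# Constructed vulnerability ids -> function that is the root cause.
VULNERABILITIES = {
    "VULN-A": "lib_a.read_field",
    "VULN-B": "lib_b.inflate_block",
    "VULN-C": "lib_c.eval_expr",
}

def find_path(graph, start, target):
    """Return the shortest call path from start to target, or None (BFS)."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for callee in graph.get(node, []):
            if callee not in parents:
                parents[callee] = node
                queue.append(callee)
    return None

def rank_vulnerabilities(graph, vulns, entry_points):
    """Rank vulnerabilities: reachable ones first, then by shortest path."""
    results = []
    for vuln_id, sink in vulns.items():
        paths = [p for p in (find_path(graph, e, sink) for e in entry_points) if p]
        path = min(paths, key=len) if paths else None
        results.append({"id": vuln_id, "reachable": path is not None, "path": path})
    results.sort(key=lambda r: (not r["reachable"], len(r["path"] or [])))
    return results

if __name__ == "__main__":
    for row in rank_vulnerabilities(CALL_GRAPH, VULNERABILITIES, ["app.main"]):
        print(row)
```

In practice the call graph and the vulnerable-function mapping would come from the external reachability tool the issue refers to; the ranking step is what the integration would store and expose.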